package com.umeox.moto.mqtt.mode;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class MqttTrustManager implements X509TrustManager {

    private X509TrustManager defaultTrustManager;
    private KeyStore defKeyStore;

    public MqttTrustManager() {

    }

    public MqttTrustManager(InputStream certificate) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        defKeyStore = createKeyStore(certificate);
        TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
        factory.init((KeyStore) null);
        this.defaultTrustManager = (X509TrustManager) factory.getTrustManagers()[0];
    }

    private KeyStore createKeyStore(InputStream inStream) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inStream);
        keyStore.setCertificateEntry(certificate.getSubjectX500Principal().getName(), certificate);
        return keyStore;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
//        try {
//            this.defaultTrustManager.checkServerTrusted(chain, authType);
//        } catch (CertificateException certificateExp) {
//            try {
//                CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX");
//                CertificateFactory factory = CertificateFactory.getInstance("X509");
//                CertPath certPath = factory.generateCertPath(Arrays.asList(chain));
//                PKIXParameters certPathParameters = new PKIXParameters(defKeyStore);
//                certPathParameters.setRevocationEnabled(false);
//                pathValidator.validate(certPath, certPathParameters);
//            } catch (CertificateNotYetValidException validExp) {
//                Log.d("MqttTrustManager", "CertificateNotYetValidException " + validExp);
//                return;
//            } catch (Exception e) {
//                Throwable throwable = e.getCause();
//                if (throwable instanceof CertificateNotYetValidException) {
//                    Log.d("MqttTrustManager", "validate cert failed.because system is early than cert valid . wsf will ignore this exception," + e);
//                    return;
//                }
//
//                Log.d("MqttTrustManager", "checkServerTrusted faied." + certificateExp);
//                Log.d("MqttTrustManager", "validate cert failed." + e);
//                throw certificateExp;
//            }
//        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
//        return new X509Certificate[0];

        return null;
    }
}